##############################################################################
#
# Title    : Sphinix Mobile Web Server Multiple Persistent XSS Vulnerabilities
# Author   : Prabhu S Angadi SecPod Technologies (www.secpod.com)
# Vendor   : http://www.sphinx-soft.com/MWS/index.html
# Advisory : http://secpod.org/blog/?p=453
#            http://secpod.org/advisories/SecPod_SPHINX_SOFT_Mobile_Web_Server_Mul_Persistence_XSS_Vulns.txt
# Software : Mobile Web Server U3 3.1.2.47
# Date     : 01/08/2012
#
###############################################################################

SecPod ID: 1027					23/08/2011 Issue Discovered
                                                20/01/2012 Vendor Notified
						No Response
						01/02/2012 Advisory Released


Class: Cross-Site Scripting (Persistent)        Severity: Medium


Overview:
---------
Sphinx Software Mobile Web Server is prone to multiple persistent Cross Site
Scripting vulnerabilities.


Technical Description:
----------------------
Input passed via the 'comment' to 1)/Blog/MyFirstBlog.txt,
2)/Blog/AboutSomething.txt pages are not properly verified, which allows remote
attackers to inject arbitrary script code.


Impact:
--------
Successful exploitation could allow remote attackers to execute malicious
scripts and steal sensitive data.


Affected Software:
------------------
Mobile Web Server U3 3.1.2.47


Tested on:
-----------
Mobile Web Server U3 3.1.2.47 on Windows XP SP2.


References:
-----------
http://secpod.org/blog/?p=453


Proof of Concept:
----------------
1) /Blog/MyFirstBlog.txt?comment=<script>alert(1234)</script>&submit=Add+Comment


2) /Blog/AboutSomething.txt?comment=<script>alert(1234)</script>&submit=Add+Comment


Vendor URL:
----------------
http://www.sphinx-soft.com/MWS/index.html


Solution:
----------
Not available


Risk Factor:
-------------
    CVSS Score Report:
        ACCESS_VECTOR          = NETWORK
        ACCESS_COMPLEXITY      = LOW
        AUTHENTICATION         = NOT_REQUIRED
        CONFIDENTIALITY_IMPACT = PARTIAL
        INTEGRITY_IMPACT       = PARTIAL
        AVAILABILITY_IMPACT    = NONE
        EXPLOITABILITY         = PROOF_OF_CONCEPT
        REMEDIATION_LEVEL      = UNAVAILABLE
        REPORT_CONFIDENCE      = CONFIRMED
        CVSS Base Score        = 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)

Credits:
--------
Prabhu S Angadi of SecPod Technologies has been credited with the discovery of this
vulnerability.